argocd repo secret
This commit is contained in:
@@ -169,78 +169,33 @@ This creates two files:
|
||||
|
||||
Add the private key to ArgoCD as a repository secret:
|
||||
|
||||
Save the following file in private/ (gitignored) folder as secret.yaml
|
||||
```bash
|
||||
# Create secret for sturdy-adventure repository
|
||||
kubectl create secret generic repo-sturdy-adventure \
|
||||
--from-file=sshPrivateKey=argocd-deploy-key \
|
||||
--namespace=argocd \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
# Label it for ArgoCD to recognize
|
||||
kubectl label secret repo-sturdy-adventure \
|
||||
-n argocd \
|
||||
argocd.argoproj.io/secret-type=repository
|
||||
|
||||
# Add repository annotations
|
||||
kubectl annotate secret repo-sturdy-adventure \
|
||||
-n argocd \
|
||||
managed-by=argocd.argoproj.io
|
||||
```
|
||||
|
||||
Alternatively, create a complete repository secret with all metadata:
|
||||
|
||||
```bash
|
||||
kubectl apply -f - <<EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: repo-sturdy-adventure
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: forte-helm-repo
|
||||
namespace: argocd
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
annotations:
|
||||
managed-by: argocd.argoproj.io
|
||||
type: Opaque
|
||||
stringData:
|
||||
stringData:
|
||||
type: git
|
||||
url: git@github.com:fortedigital/sturdy-adventure.git
|
||||
url: git@github.com:fortedigital/forte-helm.git
|
||||
sshPrivateKey: |
|
||||
$(cat argocd-deploy-key | sed 's/^/ /')
|
||||
EOF
|
||||
<paste your private key here>
|
||||
project: default
|
||||
```
|
||||
Seal the secret using `kubeseal` command
|
||||
```bash
|
||||
kubeseal --format=yaml \
|
||||
--namespace=argocd \
|
||||
< private/secret.yaml \
|
||||
> secrets/forte-helm-repo-secret-sealed.yaml
|
||||
```
|
||||
|
||||
**Step 4: Register Repository in ArgoCD**
|
||||
|
||||
Add the repository to ArgoCD's configuration:
|
||||
|
||||
```bash
|
||||
# Via kubectl (recommended for GitOps)
|
||||
kubectl apply -f - <<EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: repo-sturdy-adventure
|
||||
namespace: argocd
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
type: Opaque
|
||||
stringData:
|
||||
type: git
|
||||
url: git@github.com:fortedigital/sturdy-adventure.git
|
||||
sshPrivateKey: |
|
||||
$(cat argocd-deploy-key | sed 's/^/ /')
|
||||
insecure: "false"
|
||||
enableLfs: "false"
|
||||
EOF
|
||||
|
||||
# Or via ArgoCD UI
|
||||
# 1. Open ArgoCD UI: kubectl port-forward svc/argocd-server -n argocd 8080:443
|
||||
# 2. Navigate to: Settings → Repositories → Connect Repo
|
||||
# 3. Connection Method: Via SSH
|
||||
# 4. Repository URL: git@github.com:fortedigital/sturdy-adventure.git
|
||||
# 5. SSH private key: Paste private key content
|
||||
# 6. Click "Connect"
|
||||
```
|
||||
Check in secrets/forte-helm-repo-secret-sealed.yaml and let Argo sync and create the secret.
|
||||
|
||||
**Step 5: Verify Repository Access**
|
||||
|
||||
@@ -402,7 +357,7 @@ ssh-keygen -t ed25519 -C "argocd-sturdy-adventure" -f key-sturdy -N ""
|
||||
ssh-keygen -t ed25519 -C "argocd-helm-values" -f key-helm-values -N ""
|
||||
# Add key-helm-values.pub to: https://github.com/fortedigital/helm-values/settings/keys
|
||||
|
||||
# 3. forte-helm is public - no key needed (use HTTPS)
|
||||
# 3. forte-helm (private helm charts repo)
|
||||
|
||||
# Create secrets
|
||||
kubectl create secret generic repo-sturdy-adventure \
|
||||
|
||||
20
secrets/argocd-forte-helm-secret-sealed.yaml
Normal file
20
secrets/argocd-forte-helm-secret-sealed.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: forte-helm-repo
|
||||
namespace: argocd
|
||||
spec:
|
||||
encryptedData:
|
||||
project: AgBBeKBtro27DMJ+9YFjSlvv+XWyotBojRbaDVPDfwH0MoXST9zUKZSXDgbuJ5sy8dQYhfCZgtfjcNpWbCmLoURZMm1aPa0U05bG7Hz2EnO+39qcgpH/jzEzp0AsZ9YgMafgI0EyL63RnVmvvcFT81fNe4P6vlKjz+dyhIuXbELhDjabNE+QwsLmQkty7R6isJSx42+aEGliD69FcFjlvwz75L7y2Rck1eodUVbaTX3qdG/bSFCTWawCqnj27oEn+qYwcvrS/B8MsiG8XkcmAxy3QVHAW4waBQ/6IALqBaviXunye7TOujgfn996sQWEZz9e6tVsbh1I4i/1T44rtqiot3EuFMMuYN1C6JMb53lUI9KM/TMWM3U/B/MgFR7DbXRF8/VRkBqVJFv/PZWKxTNbnYEhdPBPZojZNhHntdFZNw7l9Pr251mPI9UCU+Mc+RKtluKb+c40C9Ty1TGaV0DQ3UtA+1zbotDVGx21P7tAwplz22czu0GSUZu3nDDEPoyQoI1YG4TBvqKwuFbxJZASUglDmwyzFG15QIn03zE661ETR1ETXMbqxJR8yWmY7G5R1aNMCX9oc5l+xS6lUuUsI/fmN58VA3i82j4jEB/+oPyQ6bxsiteGXkvIz4ONxh2Ve+FmgxaDNLJNH0RHnJ7J/mJARfn43o264ONq7eTt2HuOgoP9UIsOPXuDmlBo1oZ0zxWXUEST
|
||||
sshPrivateKey: AgBNgdWFu4x9CEgKftriZCnjSPNgV+RpAxi8/N0XawXATbQEtsMHfctTsRtwsOvaEvCehlLq7dJWRmPiuTGZ7fA2vaetoj7ppa59kHJtEO4teVcU5n64glLV5EqZbwm/nel0b5ri+otrY2zjo/tomt/7e0K30OZbe3Wghr6pDH8MrScAxO+VqgJHqqXeFayY2cC4e/mZXGu7J+FKBl3si/i6nKtKFhaqCKF+Wn4tou7wZDIdx4A+jWUxTnQquQU8IdaZof0hUNKrmmD1ayK5mJxfOBLqt9TXoTKGwkZJkdr0Pvo8tx1DqTCfpyL9Ur7B7H4G5x9n+AaD6+Iwn0eohty+NPLoy3v6JYYayZb9Foi41EzRHm+W9Cc0TcDBNTN8kR9u713n+YNuFHCaALx4iR28svfKHHjsOEzZ5688WXuph2+eLm+DW03obRDGJYi25j9URYX31LJSTMEs0rhhsUn3eeipUjQ2Fdo3xXFnALLOci0XjRd6YvuR5DN1pkj4KFcMzHvTkyM8jG9eTHGloW55zFTNtb9QkNz+x75RRpCmNlT0bKqAjxfov70K8gbSIzZ7d77iai68JQ/FnTjuL8Gx2Jyr/ltlVnql4fpv1u691SCCTvoz6aAVknn63SXdrnJ9hv+/Nb01MZhYAciYgvAAoxAOT3UOpIBnJ5h/VUacJ+Op26jtSsWrMjAtVSN2RjqzXAbVe/HONpE76vEfDHKizHEUriT7y1WoOUxcbwGIFAzSDM2OidUW/SstCNCmGQ9Whdq427X+eQIh2h+EpCPYXy3YTuWfSISgkA74bSVeX+2mHpwgo+5GPfiAQmHajdZLYTo+GAaty7VdNWTL1AEdgFkYR4TwaeR8DcLe03efg5Q1SLd1I0+kjtkVQcWsnTnchnMcXK1tvOAcNc9MY9pKNh/gW/nAnsAyfEA9opl2LFyywpeDizDdowO99meiJB7+ISS1lOI5f7xvcM6ovEcTugj4Dwv05546Zxb1ziIGbhq5kiD5FIMCPzBo0vX4XXeUa0GRIVCHRxgygi17bTMwKGKRKGusduBVbc/+OKaX5ciAtxPSq85Z6XCXSEXzajsIFkasQtm7tt44U80fAlwmgAfGdRQMF5CcEW7x5WyXVb6mZUt3GgQmPdfrP6kTgaxXGTkGsbb5bcsbf3DeoAdiJ1rJPBVX4z10cJsdRCKI+d0VwVLu59eheOajdvPxdhR+tNhJfavaUKtj7THrMJUq7WPZq4GlPQpO7S3+Q6V1e6eaSw==
|
||||
type: AgBf+Wb64fdsnUEwpxRcWg8fRtMi8MisZOA9gm/uwA2u+OZUNh/vHO5hzjxG3NVeT+6sOM3iJJhnLHTv7nxykP//3qG/PqkVPPYPvGm5v8sd698Ga146FsOKQzga7mn8vGZ2FYyZmfq2l3ZBS2j+12M6TtXw5a4dqCtrVq5FbvBr9MBKTxpHdKnpgddxyWYxE9uSgFm+2IrT9hH7OAhke0NrQQwbDFpOI/y2xhgaIGp/E78G+8Ijwc0ofrd8XIjKWcesXD4uQqTBHZfcoanMWlSqrfXDxSRiBNVkHot1AnE8DiukL3+Dntxr6bh3bIZWvsHuNa9fQnjH6BNskYQSYopreHdujsvYDm19vqHNpkW1mTmjdimWgxX5Ot2kzcnuguA4Qn2JjpLicT2GbNIEcI6rjghTM6CATOFWmiF933uIXhDN9RlfMR/+hTLisFvnZmdsH/6byvoe39UxavtVEKsSPCa3h2FN5O2HKrccWrAZ9fQdDtIzwVMXi48rsi5sB05By2WetsUMu3JdRlM8noQ3qtrKzdtjyQIUFJcIxRkL8mKz5lkXPKjn7qlItUY5VG6dnhHQRTxYdAxn3jKMpYh0jEtloI3m3SEXhfE9JPbA4RIgNi8evnRBMKwBwEr8mU52DbB1J3gU7Gm9IOYBsOgq0U1BkzqCqIaThoUWXCNGkAG3rc7uLuyOaHHVEBLsmu+m1cE=
|
||||
url: AgB3C9i/Ue7oHmeoLQCr8BVYIqYIT8EmrhkFjj+vjBSTynYwoFonaiPMqDJ2XewJV9WpO6wL0IYH/cK0BkhbPhjN6oQ88Qn1MkuVCjtGht1cUeOzRtSE8hdqoOKaagFb4pcgwwm8ldU7bry3KioXnz36YaU7wcddUkHVQYQOp6DvcxtjonsLUFHecDcW+qL5aVzwI3CBkn0xMrc2kRiO2q2ZjR7BNNddNUw5f1v3fYNE0PARd+bVyegSEMuBRoh1amautWEfuYoCENPqhfd9Umbs9eml/j86pj9mvkVZ2CzRt78V+C3ciMZM6QlLV+BdiPm99/igyvZScDEB/tUrMaj/K6qhMYG7r8jNBQrsg3luvTVFcC75e8aSgfRJ0QDiYmtZ5fP+8AS+l2pyRFMkbOMAk62LCqAiXuXk/vC412Lrk4NkEIxqCDnf771PTOkbXYXNlHzC2w1AZSkvPqKjIvJbLCkCxGFVBeUmlZzcCIYDeXTpIRwZsVIo+sGpjbR8soeTb8suw6GqYjgXPhXm/S1kpL6yAXfCFCXmyxntMZCuWuFPPWfwzn5GDfSJS7Hz43cuh7vwrQ78xC1wQRs7EObWNUbLIfvWEypvncYmixKY8+02SrDwzcwADimJKMxs7Bp10rkMO4HkpcFDisVyHCgBbfG3BYFo0sT5+FN6b5Bhuo6hUaCzEe9HAeSIFNuKaX5wYbY1MzsRoWOvydStoQa9KwVeZwBPzZV0VW2c3wMRT1pNN4s2THGlphw=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repository
|
||||
name: forte-helm-repo
|
||||
namespace: argocd
|
||||
Reference in New Issue
Block a user